CyberSec.Space Logo
CVEブラウザに戻る

CVE-2011-1696

MEDIUM
4.3
CVSS Severity Score
EPSS Score0.0780%
EPSS Percentile20.29th
Published2011年10月8日
Last Modified2026年4月29日

Vulnerability Description

Cross-site scripting (XSS) vulnerability in Novell Identity Manager (aka IDM) User Application 3.5.0, 3.5.1, 3.6.0, 3.6.1, 3.7.0, and 4.0.0, and Identity Manager Roles Based Provisioning Module 3.6.0, 3.6.1, 3.7.0, and 4.0.0, allows remote attackers to inject arbitrary web script or HTML via the apwaDetail (aka apwaDetailId) parameter, aka Bug 692972.

Affected Platforms (CPE)

📦
Novell

Identity Manager Roles Based Provisioning Module

= 3.6.0
📦
Novell

Identity Manager Roles Based Provisioning Module

= 3.6.1
📦
Novell

Identity Manager Roles Based Provisioning Module

= 3.7.0
📦
Novell

Identity Manager Roles Based Provisioning Module

= 4.0.0
📦
Novell

Identity Manager User Application

= 3.5.0
📦
Novell

Identity Manager User Application

= 3.5.1
📦
Novell

Identity Manager User Application

= 3.6.0
📦
Novell

Identity Manager User Application

= 3.6.1
📦
Novell

Identity Manager User Application

= 3.7.0
📦
Novell

Identity Manager User Application

= 4.0.0

References & Advisories

🔗 http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5111710.html
🔗 http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5111711.html
🔗 http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112230.html
🔗 http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112250.html
🔗 http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112270.html
🔗 http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112271.html
🔗 http://www.securityfocus.com/bid/49935
🔗 http://www.securitytracker.com/id?1026138

関連する脆弱性情報

CVE-2013-108310.0

Unspecified vulnerability in the login functionality in the Reporting Module in Novell Identity Manager (aka IDM) Roles Based Prov...

CVE-2008-50954.3

Cross-site scripting (XSS) vulnerability in the Novell User Application 3.0.1, 3.5.0, and 3.5.1; and Identity Manager Roles Based ...

CVE-2010-43244.3

Cross-site scripting (XSS) vulnerability in the Approval Form in the User Application in the Roles Based Provisioning Module 3.7.0...

CVE-2011-22274.3

Cross-site scripting (XSS) vulnerability in Novell Identity Manager (aka IDM) User Application 3.5.0, 3.5.1, 3.6.0, 3.6.1, 3.7.0, ...